From: Ard Biesheuvel <ardb@kernel.org>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ross Philipson <ross.philipson@oracle.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org,
dpsmith@apertussolutions.com, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, dave.hansen@linux.intel.com, mjg59@srcf.ucam.org,
James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de,
jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu,
herbert@gondor.apana.org.au, davem@davemloft.net,
corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org,
baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com,
andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v11 00/20] x86: Trenchboot secure dynamic launch Linux kernel support
Date: Fri, 1 Nov 2024 09:50:44 +0100 [thread overview]
Message-ID: <CAMj1kXHFDMKEH46MG3731FS043XyxHchoTJtDOst6kvfMezUuQ@mail.gmail.com> (raw)
In-Reply-To: <D5AF9K79H8WO.PVW93P31GHMH@kernel.org>
On Fri, 1 Nov 2024 at 01:40, Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> On Fri Nov 1, 2024 at 2:33 AM EET, Jarkko Sakkinen wrote:
> > On Fri Nov 1, 2024 at 1:08 AM EET, Thomas Gleixner wrote:
> > > On Fri, Nov 01 2024 at 00:37, Jarkko Sakkinen wrote:
> > > > On Thu Oct 31, 2024 at 9:25 PM EET, Thomas Gleixner wrote:
> > > >> So this looks pretty reasonable to me by now and I'm inclined to take it
> > > >> through the tip x86 tree, but that needs reviewed/acked-by's from the
> > > >> crypto and TPM folks. EFI has been reviewed already.
> > > >>
> > > >> Can we make progress on this please?
> > > >
> > > > So TPM patches do have bunch of glitches:
> > > >
> > > > - 15/20: I don't get this. There is nothing to report unless tree
> > > > is falling. The reported-by tag literally meaningless. Maybe this
> > > > is something that makes sense with this feature. Explain from that
> > > > angle.
> > > > - 16/20: Is this actually a bug fix? If it is should be before 15/20.
> > > > - 17/20: the commit message could do a better job explaining how the
> > > > locality can vary. I'm not sure how this will be used by rest of
> > > > the patch set.
> > > > - 18/20: I'm not confident we want to give privilege to set locality
> > > > to the user space. The commit message neither makes a case of this.
> > > > Has this been tested to together with bus encryption (just checking)?
> > >
> > > Can you please explicitely voice your detailed technical concerns in
> > > replies to the actual patches?
> >
> > - 15/20 looks like a rigged patch. I don't really know why it is done
> > so it is hard to either suggest how "resolve it".
> > - 16/20 probably makes sense but if it is a bug fix or part of it is,
> > the bug fix should have relevant fixes etc tags so that it can be
> > picked up to stable kernels.
> > - 17-18/20: I'd speak about this as the "one whole" i.e. here the
> > privilege to be able change locality during run-time is really
> > concerning. Could the locality be figured out for the kernel
> > command-line instead? The sysfs attribute can exist as read-only.
> >
> > So yeah, the way I see it 15-16 are the more trivial issue to sort
> > out (probably) but with 17-18 we have an actual architectural concern
> > for kernel overall.
>
> Further:
>
> 15/20: I can accept this without reported-by tag (or changed as
> suggested-by). It does not harm.
> 16/20: I'll re-review this with time. I'll try to get this done
> latest next week.
>
> So let's put focus only on 17 and 18. Can this problem be sorted out
> by kernel command-line parameter? In the case of locality we want to
> keep regular "chain of trust" i.e. boot-loader makes the decision,
> *even* in the case of DRTM. I would call this almost as constraint
> that would be wise to set.
>
Please don't add a kernel command line parameter for this - the code
running in the decompressor will be the one setting it and there are
better ways to pass information between these components (and the
slaunch stack is already doing that in any case)
Also, let's have this discussion in the appropriate place, i.e., on
the thread for each respective patch.
next prev parent reply other threads:[~2024-11-01 8:50 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-13 20:04 [PATCH v11 00/20] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2024-09-13 20:04 ` [PATCH v11 01/20] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2024-11-01 19:31 ` Elliott, Robert (Servers)
2024-09-13 20:04 ` [PATCH v11 02/20] x86: Secure Launch Kconfig Ross Philipson
2024-09-13 20:05 ` [PATCH v11 03/20] x86: Secure Launch Resource Table header file Ross Philipson
2024-09-13 20:05 ` [PATCH v11 04/20] x86: Secure Launch main " Ross Philipson
2024-09-13 20:05 ` [PATCH v11 05/20] x86: Add early SHA-1 support for Secure Launch early measurements Ross Philipson
2024-09-13 20:05 ` [PATCH v11 06/20] x86: Add early SHA-256 " Ross Philipson
2024-09-13 20:05 ` [PATCH v11 07/20] x86/msr: Add variable MTRR base/mask and x2apic ID registers Ross Philipson
2024-09-13 20:05 ` [PATCH v11 08/20] x86/boot: Place TXT MLE header in the kernel_info section Ross Philipson
2024-09-13 20:05 ` [PATCH v11 09/20] x86: Secure Launch kernel early boot stub Ross Philipson
2024-09-13 20:05 ` [PATCH v11 10/20] x86: Secure Launch kernel late " Ross Philipson
2024-09-13 20:05 ` [PATCH v11 11/20] x86: Secure Launch SMP bringup support Ross Philipson
2024-09-13 20:05 ` [PATCH v11 12/20] kexec: Secure Launch kexec SEXIT support Ross Philipson
2024-09-13 20:05 ` [PATCH v11 13/20] x86/reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2024-09-13 20:05 ` [PATCH v11 14/20] tpm: Protect against locality counter underflow Ross Philipson
2024-11-01 9:33 ` Jarkko Sakkinen
2024-09-13 20:05 ` [PATCH v11 15/20] tpm: Ensure tpm is in known state at startup Ross Philipson
2024-11-01 9:37 ` Jarkko Sakkinen
2024-11-02 14:02 ` Jarkko Sakkinen
2024-09-13 20:05 ` [PATCH v11 16/20] tpm: Make locality requests return consistent values Ross Philipson
2024-11-01 10:04 ` Jarkko Sakkinen
2024-11-02 14:26 ` Jarkko Sakkinen
2024-09-13 20:05 ` [PATCH v11 17/20] tpm: Add ability to set the default locality the TPM chip uses Ross Philipson
2024-11-01 10:05 ` Jarkko Sakkinen
2024-11-02 1:37 ` [RFC PATCH] tpm, tpm_tis: Introduce TPM_IOC_SET_LOCALITY Jarkko Sakkinen
2024-11-02 1:39 ` Jarkko Sakkinen
2024-11-02 6:22 ` [RFC PATCH v2 1/2] " Jarkko Sakkinen
2024-11-02 6:22 ` [RFC PATCH v2 2/2] tpm: show the default locality in sysfs Jarkko Sakkinen
2024-11-02 6:29 ` [RFC PATCH v2 1/2] tpm, tpm_tis: Introduce TPM_IOC_SET_LOCALITY Jarkko Sakkinen
2024-11-02 9:02 ` Ard Biesheuvel
2024-11-02 10:38 ` Jarkko Sakkinen
2024-11-02 10:40 ` Jarkko Sakkinen
2024-11-02 10:52 ` Ard Biesheuvel
2024-11-02 13:39 ` Jarkko Sakkinen
2024-11-02 14:07 ` Jarkko Sakkinen
2024-09-13 20:05 ` [PATCH v11 18/20] tpm: Add sysfs interface to allow setting and querying the default locality Ross Philipson
2024-11-01 3:17 ` James Bottomley
2024-11-01 10:06 ` Jarkko Sakkinen
2024-11-01 21:50 ` Jarkko Sakkinen
2024-11-01 21:56 ` Jarkko Sakkinen
2024-09-13 20:05 ` [PATCH v11 19/20] x86: Secure Launch late initcall platform module Ross Philipson
2024-09-13 20:05 ` [PATCH v11 20/20] x86/efi: EFI stub DRTM launch support for Secure Launch Ross Philipson
2024-10-31 19:25 ` [PATCH v11 00/20] x86: Trenchboot secure dynamic launch Linux kernel support Thomas Gleixner
2024-10-31 22:37 ` Jarkko Sakkinen
2024-10-31 23:08 ` Thomas Gleixner
2024-11-01 0:33 ` Jarkko Sakkinen
2024-11-01 0:40 ` Jarkko Sakkinen
2024-11-01 8:50 ` Ard Biesheuvel [this message]
2024-11-01 9:18 ` Jarkko Sakkinen
2024-11-01 9:30 ` Jarkko Sakkinen
2024-11-01 14:51 ` Jarkko Sakkinen
2024-11-01 10:28 ` Jarkko Sakkinen
2024-11-01 20:34 ` Thomas Gleixner
2024-11-01 21:13 ` Jarkko Sakkinen
2024-11-01 21:19 ` Jarkko Sakkinen
2024-11-01 22:04 ` Thomas Gleixner
2024-11-01 22:18 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMj1kXHFDMKEH46MG3731FS043XyxHchoTJtDOst6kvfMezUuQ@mail.gmail.com \
--to=ardb@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=andrew.cooper3@citrix.com \
--cc=baolu.lu@linux.intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dpsmith@apertussolutions.com \
--cc=dwmw2@infradead.org \
--cc=ebiederm@xmission.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=peterhuewe@gmx.de \
--cc=ross.philipson@oracle.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).